1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
% Isabelle characters
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
\definecolor{javared}{rgb}{0.6,0,0} % for strings
46 |
\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
47 |
\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
48 |
\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
% beamer stuff
96 |
\renewcommand{\slidecaption}{APP 07, King's College London, 13 November 2012}
97 |
\newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}% for definitions
98 |
99 |
100 |
101 |
% The data files, written on the first run.
102 |
103 |
1 0.029
104 |
5 0.029
105 |
10 0.029
106 |
15 0.032
107 |
16 0.042
108 |
17 0.042
109 |
18 0.055
110 |
19 0.084
111 |
20 0.136
112 |
21 0.248
113 |
22 0.464
114 |
23 0.899
115 |
24 1.773
116 |
25 3.505
117 |
26 6.993
118 |
27 14.503
119 |
28 29.307
120 |
#29 58.886
121 |
122 |
123 |
124 |
1 0.00179
125 |
2 0.00011
126 |
3 0.00014
127 |
4 0.00026
128 |
5 0.00050
129 |
6 0.00095
130 |
7 0.00190
131 |
8 0.00287
132 |
9 0.00779
133 |
10 0.01399
134 |
11 0.01894
135 |
12 0.03666
136 |
13 0.07994
137 |
14 0.08944
138 |
15 0.02377
139 |
16 0.07392
140 |
17 0.22798
141 |
18 0.65310
142 |
19 2.11360
143 |
20 6.31606
144 |
21 21.46013
145 |
146 |
147 |
148 |
1 0.00240
149 |
2 0.00013
150 |
3 0.00020
151 |
4 0.00030
152 |
5 0.00049
153 |
6 0.00083
154 |
7 0.00146
155 |
8 0.00228
156 |
9 0.00351
157 |
10 0.00640
158 |
11 0.01217
159 |
12 0.02565
160 |
13 0.01382
161 |
14 0.02423
162 |
15 0.05065
163 |
16 0.06522
164 |
17 0.02140
165 |
18 0.05176
166 |
19 0.18254
167 |
20 0.51898
168 |
21 1.39631
169 |
22 2.69501
170 |
23 8.07952
171 |
172 |
173 |
174 |
1 0.00069
175 |
301 0.00700
176 |
601 0.00297
177 |
901 0.00470
178 |
1201 0.01301
179 |
1501 0.01175
180 |
1801 0.01761
181 |
2101 0.01787
182 |
2401 0.02717
183 |
2701 0.03932
184 |
3001 0.03470
185 |
3301 0.04349
186 |
3601 0.05411
187 |
3901 0.06181
188 |
4201 0.07119
189 |
4501 0.08578
190 |
191 |
192 |
193 |
1 0.001605
194 |
501 0.131066
195 |
1001 0.057885
196 |
1501 0.136875
197 |
2001 0.176238
198 |
2501 0.254363
199 |
3001 0.37262
200 |
3501 0.500946
201 |
4001 0.638384
202 |
4501 0.816605
203 |
5001 1.00491
204 |
5501 1.232505
205 |
6001 1.525672
206 |
6501 1.757502
207 |
7001 2.092784
208 |
7501 2.429224
209 |
8001 2.803037
210 |
8501 3.463045
211 |
9001 3.609
212 |
9501 4.081504
213 |
10001 4.54569
214 |
215 |
216 |
217 |
218 |
219 |
220 |
221 |
222 |
223 |
\begin{tabular}{@ {}c@ {}}
224 |
225 |
\LARGE Access Control and \\[-3mm]
226 |
\LARGE Privacy Policies (7)\\[-6mm]
227 |
228 |
229 |
230 |
231 |
232 |
233 |
234 |
235 |
236 |
Email: & christian.urban at kcl.ac.uk\\
237 |
Of$\!$fice: & S1.27 (1st floor Strand Building)\\
238 |
Slides: & KEATS (also homework is there)\\
239 |
240 |
241 |
242 |
243 |
244 |
245 |
246 |
247 |
248 |
249 |
250 |
251 |
252 |
253 |
254 |
\draw (0.0,0.0) node {\LARGE \bl{$\Gamma \vdash F$}};
255 |
256 |
\draw (-1,-0.3) node (X) {};
257 |
\draw (-2.0,-2.0) node (Y) {};
258 |
\draw (0.7,-3) node {\begin{tabular}{l}Gamma\\stands for a collection of formulas\\(``assumptions'')\end{tabular}};
259 |
\draw[red, ->, line width = 2mm] (Y) -- (X);
260 |
261 |
\draw (1.2,-0.1) node (X1) {};
262 |
\draw (2.8,-0.1) node (Y1) {};
263 |
\draw (4.5,-0.1) node {\begin{tabular}{l}a single formula\end{tabular}};
264 |
\draw[red, ->, line width = 2mm] (Y1) -- (X1);
265 |
266 |
\draw (-0.1,0.1) node (X2) {};
267 |
\draw (0.5,1.5) node (Y2) {};
268 |
\draw (1,1.8) node {\begin{tabular}{l}entails sign\end{tabular}};
269 |
\draw[red, ->, line width = 2mm] (Y2) -- (X2);}
270 |
271 |
272 |
273 |
274 |
275 |
\footnotesize Gimel (Phoenician), Gamma (Greek), C and G (Latin), Gim (Arabic),\\[-2mm] ?? (Indian), Ge (Cyrillic)
276 |
277 |
278 |
279 |
280 |
281 |
282 |
\frametitle{Inference Rules}
283 |
284 |
285 |
286 |
287 |
\draw (0.0,0.0) node
288 |
{\Large\bl{\infer{\Gamma \vdash F_1 \wedge F_2}{\Gamma \vdash F_1 & \Gamma \vdash F_2}}};
289 |
290 |
\draw (-0.1,-0.7) node (X) {};
291 |
\draw (-0.1,-1.9) node (Y) {};
292 |
\draw (-0.2,-2) node {\begin{tabular}{l}conclusion\end{tabular}};
293 |
\draw[red, ->, line width = 2mm] (Y) -- (X);
294 |
295 |
\draw (-1,0.6) node (X2) {};
296 |
\draw (0.0,1.6) node (Y2) {};
297 |
\draw (0,1.8) node {\begin{tabular}{l}premisses\end{tabular}};
298 |
\draw[red, ->, line width = 2mm] (Y2) -- (X2);
299 |
\draw (1,0.6) node (X3) {};
300 |
\draw (0.0,1.6) node (Y3) {};
301 |
\draw[red, ->, line width = 2mm] (Y3) -- (X3);
302 |
303 |
304 |
305 |
306 |
307 |
308 |
\bl{$P \,\text{says}\, F \vdash Q\,\text{says}\, F\wedge P \,\text{says}\, G $}
309 |
310 |
311 |
312 |
313 |
\bl{$\underbrace{P \,\text{says}\, F}_{\Gamma} \vdash \underbrace{Q\,\text{says}\, F}_{F_1} \,\wedge
314 |
\underbrace{P \,\text{says}\, G}_{F_2} $}
315 |
316 |
317 |
318 |
319 |
320 |
321 |
322 |
323 |
324 |
325 |
326 |
\bl{\infer{\Gamma \vdash F_2}{\Gamma \vdash F_1\Rightarrow F_2 & \Gamma \vdash F_1}}\bigskip\bigskip\bigskip
327 |
328 |
\bl{\infer{\Gamma\vdash P\,\text{says}\, F}{\Gamma \vdash F}}
329 |
330 |
331 |
332 |
333 |
334 |
335 |
336 |
337 |
\frametitle{Digression: Proofs in CS}
338 |
339 |
Formal proofs in CS sound like science fiction?\pause{} Completely irrelevant!\pause
340 |
341 |
342 |
\item in 2008, verification of a small C-compiler\medskip
343 |
\item in 2010, verification of a micro-kernel operating system (approximately 8700 loc)
344 |
345 |
\item 200k loc of proof
346 |
\item 25 - 30 person years
347 |
\item found 160 bugs in the C code (144 by the proof)
348 |
349 |
350 |
351 |
352 |
353 |
354 |
355 |
356 |
357 |
358 |
359 |
\begin{tabular}{c@ {\hspace{2mm}}c}
360 |
361 |
362 |
363 |
{\footnotesize Bob Harper}\\[-2.5mm]
364 |
{\footnotesize (CMU)}
365 |
366 |
367 |
368 |
{\footnotesize Frank Pfenning}\\[-2.5mm]
369 |
{\footnotesize (CMU)}
370 |
\end{tabular} &
371 |
372 |
373 |
374 |
\color{gray}{published a proof about a specification in a journal (2005),
375 |
376 |
377 |
378 |
379 |
380 |
381 |
382 |
383 |
{\footnotesize Andrew Appel}\\[-2.5mm]
384 |
{\footnotesize (Princeton)}
385 |
\end{tabular} &
386 |
387 |
388 |
389 |
\color{gray}{relied on their proof in a\\ {\bf security} critical application}
390 |
391 |
392 |
393 |
394 |
395 |
396 |
397 |
398 |
399 |
\frametitle{Proof-Carrying Code}
400 |
401 |
402 |
403 |
404 |
405 |
\draw[help lines,cream] (0,0.2) grid (8,4);
406 |
407 |
\draw[line width=1mm, red] (5.5,0.6) rectangle (7.5,4);
408 |
\node[anchor=base] at (6.5,2.8)
409 |
{\small\begin{tabular}{@ {}p{1.9cm}@ {}}\centering user: untrusted code\end{tabular}};
410 |
411 |
\draw[line width=1mm, red] (0.5,0.6) rectangle (2.5,4);
412 |
\node[anchor=base] at (1.5,2.3)
413 |
{\small\begin{tabular}{@ {}p{1.9cm}@ {}}\centering developer ---\\ web server\end{tabular}};
414 |
415 |
416 |
\draw[line width=1mm, red, fill=red] (5.5,0.6) rectangle (7.5,1.8);
417 |
\node[anchor=base,white] at (6.5,1.1)
418 |
{\small\begin{tabular}{@ {}p{1.9cm}@ {}}\bf\centering proof- checker\end{tabular}};}
419 |
420 |
\node at (3.8,3.0) [single arrow, fill=red,text=white, minimum height=3cm]{\bf code};
421 |
422 |
\node at (3.8,1.3) [single arrow, fill=red,text=white, minimum height=3cm]{\bf certificate};
423 |
\node at (3.8,1.9) {\small\color{gray}{\mbox{}\hspace{-1mm}a proof}};
424 |
425 |
426 |
427 |
428 |
429 |
430 |
431 |
432 |
433 |
434 |
435 |
%\item<4-> Appel's checker is $\sim$2700 lines of code (1865 loc of\\ LF definitions;
436 |
%803 loc in C including 2 library functions)\\[-3mm]
437 |
%\item<5-> 167 loc in C implement a type-checker
438 |
439 |
440 |
441 |
442 |
443 |
444 |
\tikzstyle{every node}=[node distance=25mm,text height=1.5ex, text depth=.25ex]
445 |
\tikzstyle{node1}=[rectangle, minimum size=10mm, rounded corners=3mm, very thick,
446 |
draw=black!50, top color=white, bottom color=black!20]
447 |
\tikzstyle{node2}=[rectangle, minimum size=12mm, rounded corners=3mm, very thick,
448 |
draw=red!70, top color=white, bottom color=red!50!black!20]
449 |
450 |
451 |
452 |
453 |
454 |
455 |
456 |
457 |
458 |
459 |
460 |
\matrix[ampersand replacement=\&,column sep=7mm, row sep=5mm]
461 |
{ \&[-10mm]
462 |
\node (def1) [node1] {\large\hspace{1mm}Spec\hspace{1mm}\mbox{}}; \&
463 |
\node (proof1) [node1] {\large Proof}; \&
464 |
\node (alg1) [node1] {\large\hspace{1mm}Alg\hspace{1mm}\mbox{}}; \\
465 |
466 |
\onslide<4->{\node {\begin{tabular}{c}\small 1st\\[-2.5mm] \footnotesize solution\end{tabular}};} \&
467 |
\onslide<4->{\node (def2) [node2] {\large Spec$^\text{+ex}$};} \&
468 |
\onslide<4->{\node (proof2) [node1] {\large Proof};} \&
469 |
\onslide<4->{\node (alg2) [node1] {\large\hspace{1mm}Alg\hspace{1mm}\mbox{}};} \\
470 |
471 |
\onslide<5->{\node {\begin{tabular}{c}\small 2nd\\[-2.5mm] \footnotesize solution\end{tabular}};} \&
472 |
\onslide<5->{\node (def3) [node1] {\large\hspace{1mm}Spec\hspace{1mm}\mbox{}};} \&
473 |
\onslide<5->{\node (proof3) [node1] {\large Proof};} \&
474 |
\onslide<5->{\node (alg3) [node2] {\large Alg$^\text{-ex}$};} \\
475 |
476 |
\onslide<6->{\node {\begin{tabular}{c}\small 3rd\\[-2.5mm] \footnotesize solution\end{tabular}};} \&
477 |
\onslide<6->{\node (def4) [node1] {\large\hspace{1mm}Spec\hspace{1mm}\mbox{}};} \&
478 |
\onslide<6->{\node (proof4) [node2] {\large\hspace{1mm}Proof\hspace{1mm}};} \&
479 |
\onslide<6->{\node (alg4) [node1] {\large\hspace{1mm}Alg\hspace{1mm}\mbox{}};} \\
480 |
481 |
482 |
\draw[->,black!50,line width=2mm] (proof1) -- (def1);
483 |
\draw[->,black!50,line width=2mm] (proof1) -- (alg1);
484 |
485 |
\onslide<4->{\draw[->,black!50,line width=2mm] (proof2) -- (def2);}
486 |
\onslide<4->{\draw[->,black!50,line width=2mm] (proof2) -- (alg2);}
487 |
488 |
\onslide<5->{\draw[->,black!50,line width=2mm] (proof3) -- (def3);}
489 |
\onslide<5->{\draw[->,black!50,line width=2mm] (proof3) -- (alg3);}
490 |
491 |
\onslide<6->{\draw[->,black!50,line width=2mm] (proof4) -- (def4);}
492 |
\onslide<6->{\draw[->,black!50,line width=2mm] (proof4) -- (alg4);}
493 |
494 |
\onslide<3->{\draw[white,line width=1mm] (1.1,3.2) -- (0.9,2.85) -- (1.1,2.35) -- (0.9,2.0);}
495 |
496 |
497 |
498 |
499 |
500 |
501 |
502 |
503 |
504 |
505 |
\node at (0,0) [single arrow, shape border rotate=270, fill=red,text=white]{2h};
506 |
507 |
508 |
509 |
510 |
511 |
512 |
513 |
514 |
515 |
\frametitle{Mars Pathfinder Mission 1997}
516 |
517 |
518 |
519 |
520 |
521 |
522 |
523 |
524 |
\item despite NASA's famous testing procedure, the lander crashed frequently on Mars
525 |
\item problem was an algorithm not used in the OS
526 |
527 |
528 |
529 |
530 |
531 |
532 |
533 |
534 |
\frametitle{Priority Inheritance Protocol}
535 |
536 |
537 |
\item an algorithm that is widely used in real-time operating systems
538 |
\item hash been ``proved'' correct by hand in a paper in 1983
539 |
\item but the first algorithm turned out to be incorrect, despite the ``proof''\bigskip\pause
540 |
541 |
\item we specified the algorithm and then proved that the specification makes
542 |
543 |
\item we implemented our specification in C on top of PINTOS (Stanford)
544 |
\item our implementation was much more efficient than their reference implementation
545 |
546 |
547 |
548 |
549 |
550 |
551 |
552 |
553 |
\frametitle{Regular Expression Matching}
554 |
555 |
556 |
\begin{tabular}{@ {\hspace{-6mm}}cc}
557 |
\begin{tikzpicture}[y=.1cm, x=.15cm]
558 |
559 |
\draw (0,0) -- coordinate (x axis mid) (30,0);
560 |
\draw (0,0) -- coordinate (y axis mid) (0,30);
561 |
562 |
\foreach \x in {0,5,...,30}
563 |
\draw (\x,1pt) -- (\x,-3pt)
564 |
node[anchor=north] {\x};
565 |
\foreach \y in {0,5,...,30}
566 |
\draw (1pt,\y) -- (-3pt,\y)
567 |
node[anchor=east] {\y};
568 |
569 |
\node[below=0.3cm] at (x axis mid) {\bl{a}s};
570 |
\node[rotate=90, left=0.6cm] at (y axis mid) {secs};
571 |
572 |
573 |
\draw[color=blue] plot[mark=*, mark options={fill=white}]
574 |
file {re-python.data};
575 |
576 |
\draw[color=red] plot[mark=triangle*, mark options={fill=white} ]
577 |
file {re1.data};}
578 |
579 |
\draw[color=green] plot[mark=square*, mark options={fill=white} ]
580 |
file {re2.data};}
581 |
582 |
583 |
584 |
\draw[color=blue] (0,0) --
585 |
plot[mark=*, mark options={fill=white}] (0.25,0) -- (0.5,0)
586 |
node[right]{\footnotesize Python};
587 |
\only<1->{\draw[yshift=6mm, color=red] (0,0) --
588 |
plot[mark=triangle*, mark options={fill=white}] (0.25,0) -- (0.5,0)
589 |
node[right]{\footnotesize Scala V1};}
590 |
591 |
\draw[yshift=12mm, color=green] (0,0) --
592 |
plot[mark=square*, mark options={fill=white}] (0.25,0) -- (0.5,0)
593 |
node[right]{\footnotesize Scala V2 with simplifications};}
594 |
595 |
\end{tikzpicture} &
596 |
597 |
\begin{tikzpicture}[y=.35cm, x=.00045cm]
598 |
599 |
\draw (0,0) -- coordinate (x axis mid) (10000,0);
600 |
\draw (0,0) -- coordinate (y axis mid) (0,6);
601 |
602 |
\foreach \x in {0,2000,...,10000}
603 |
\draw (\x,1pt) -- (\x,-3pt)
604 |
node[anchor=north] {\x};
605 |
\foreach \y in {0,1,...,6}
606 |
\draw (1pt,\y) -- (-3pt,\y)
607 |
node[anchor=east] {\y};
608 |
609 |
\node[below=0.3cm] at (x axis mid) {\bl{a}s};
610 |
\node[rotate=90, left=0.6cm] at (y axis mid) {secs};
611 |
612 |
613 |
\draw[color=blue] plot[mark=*, mark options={fill=white}]
614 |
file {re-internal.data};
615 |
616 |
\draw[color=red] plot[mark=triangle*, mark options={fill=white} ]
617 |
file {re3.data};}
618 |
619 |
620 |
621 |
\draw[color=blue] (0,0) --
622 |
plot[mark=*, mark options={fill=white}] (0.25,0) -- (0.5,0)
623 |
node[right]{\footnotesize Scala Internal};
624 |
625 |
\draw[yshift=6mm, color=red] (0,0) --
626 |
plot[mark=triangle*, mark options={fill=white}] (0.25,0) -- (0.5,0)
627 |
node[right]{\footnotesize Scala V3};}
628 |
629 |
630 |
631 |
632 |
633 |
\item I needed a proof in order to make sure my program is correct
634 |
635 |
636 |
637 |
\bl{End Digression.\\ (Our small proof is 0.0005\% of the OS-proof.)}
638 |
639 |
640 |
641 |
642 |
643 |
644 |
645 |
646 |
647 |
648 |
649 |
650 |
\frametitle{Trusted Third Party}
651 |
652 |
Simple protocol for establishing a secure connection via a mutually
653 |
trusted 3rd party (server):
654 |
655 |
656 |
\begin{tabular}{@ {\hspace{-7mm}}l@{\hspace{2mm}}r@ {\hspace{1mm}}l}
657 |
Message 1 & \bl{$A \rightarrow S :$} & \bl{$A, B$}\\
658 |
Message 2 & \bl{$S \rightarrow A :$} & \bl{$\{K_{AB}\}_{K_{AS}}$} and \bl{$\{\{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\
659 |
Message 3 & \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\
660 |
Message 4 & \bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\
661 |
662 |
663 |
664 |
665 |
666 |
667 |
668 |
669 |
670 |
\frametitle{Encrypted Messages}
671 |
672 |
673 |
\item Alice sends a message \bl{$m$}
674 |
675 |
\bl{Alice says $m$}
676 |
677 |
678 |
\item Alice sends an encrypted message \bl{$m$}\\ (with key \bl{$K$})
679 |
680 |
\bl{Alice says $\{m\}_K$}
681 |
682 |
683 |
\item Decryption of Alice's message\smallskip
684 |
685 |
\bl{\mbox{\infer{\Gamma \vdash \text{Alice}\;\text{says}\;m}
686 |
{\Gamma \vdash \text{Alice}\;\text{says}\;\{m\}_K & \Gamma \vdash \text{Alice}\,\text{says}\,K}}}
687 |
688 |
689 |
690 |
691 |
692 |
693 |
694 |
695 |
696 |
697 |
698 |
699 |
\item Encryption of a message\smallskip
700 |
701 |
\bl{\mbox{\infer{\Gamma \vdash \text{Alice}\;\text{says}\;\{m\}_K}
702 |
{\Gamma \vdash \text{Alice}\;\text{says}\;m & \Gamma \vdash \text{Alice}\,\text{says}\,K}}}
703 |
704 |
705 |
706 |
707 |
708 |
709 |
710 |
711 |
712 |
713 |
\frametitle{Trusted Third Party}
714 |
715 |
716 |
\item Alice calls Sam for a key to communicate with Bob
717 |
\item Sam responds with a key that Alice can read and a key Bob can read (pre-shared)
718 |
\item Alice sends the message encrypted with the key and the second key it recieved
719 |
720 |
721 |
722 |
723 |
$A$ sends $S$ &:& $\textit{Connect}(A,B)$\\
724 |
$S$ sends $A$ &:& $\{K_{AB}\}_{K_{AS}}$ \textcolor{black}{and} $\{\{K_{AB}\}_{K_{BS}}\}_{K_{AS}}$\\
725 |
$A$ sends $B$ &:& $\{K_{AB}\}_{K_{BS}}$\\
726 |
$A$ sends $B$ &:& $\{m\}_{K_{AB}}$
727 |
728 |
729 |
730 |
731 |
732 |
733 |
734 |
735 |
736 |
\frametitle{Sending Rule}
737 |
738 |
739 |
\mbox{\infer{\Gamma \vdash Q \;\textit{says}\; F}
740 |
{\Gamma \vdash P \;\textit{says}\; F & \Gamma \vdash P \;\textit{sends}\; Q : F}}
741 |
742 |
743 |
\bl{$P \,\text{sends}\, Q : F \dn$}\\
744 |
\hspace{6mm}\bl{$(P \,\text{says}\, F) \Rightarrow (Q \,\text{says}\, F)$}
745 |
746 |
747 |
748 |
749 |
750 |
751 |
752 |
\frametitle{Trusted Third Party}
753 |
754 |
755 |
756 |
$A$ sends $S$ : $\textit{Connect}(A,B)$\\
757 |
\bl{$S \,\text{says}\, (\textit{Connect}(A,B) \Rightarrow$}\\
758 |
\hspace{2.5cm}\bl{$\{K_{AB}\}_{K_{AS}} \wedge
759 |
760 |
$S$ sends $A$ : $\{K_{AB}\}_{K_{AS}}$ \bl{$\wedge$} $\{\{K_{AB}\}_{K_{BS}}\}_{K_{AS}}$\\
761 |
$A$ sends $B$ : $\{K_{AB}\}_{K_{BS}}$\\
762 |
$A$ sends $B$ : $\{m\}_{K_{AB}}$
763 |
764 |
765 |
766 |
767 |
\bl{$\Gamma \vdash B \,\text{says} \, m$}?
768 |
769 |
770 |
771 |
772 |
773 |
774 |
\frametitle{Challenge-Response Protocol}
775 |
776 |
777 |
\item an engine \bl{$E$} and a transponder \bl{$T$} share a key \bl{$K$}\bigskip
778 |
\item \bl{$E$} sends out a \alert{nonce} \bl{$N$} (random number) to \bl{$T$}\bigskip
779 |
\item \bl{$T$} responds with \bl{$\{N\}_K$}\bigskip
780 |
\item if \bl{$E$} receives \bl{$\{N\}_K$} from \bl{$T$} then starts engine
781 |
782 |
783 |
784 |
785 |
786 |
787 |
788 |
789 |
\frametitle{Challenge-Response Protokol}
790 |
791 |
792 |
793 |
$E \;\text{says}\; N$\hfill(start)\\
794 |
$E \;\text{sends}\; T : N$\hfill(challenge)\\
795 |
$(T \;\text{says}\; N) \Rightarrow (T \;\text{sends}\; E : \{N\}_K \wedge$\\
796 |
\hspace{3.5cm} $T \;\text{sends}\; E : \text{Id}(T))$\;\;\;\hfill(response)\\
797 |
$T \;\text{says}\; K$\hfill(key)\\
798 |
$T \;\text{says}\; \text{Id}(T)$\hfill(identity)\\
799 |
$(E \;\text{says}\; \{N\}_K \wedge E \;\text{says}\; \text{Id}(T)) \Rightarrow$\\
800 |
\hspace{5cm}$ \text{start\_engine}(T)$\hfill(engine)\\
801 |
802 |
803 |
804 |
\bl{$\Gamma \vdash \text{start\_engine}(T)$}?
805 |
806 |
807 |
808 |
809 |
810 |
%%% Local Variables:
811 |
%%% mode: latex
812 |
%%% TeX-master: t
813 |
%%% End:
814 |